IDEAS home Printed from https://ideas.repec.org/p/byu/byumcl/201305.html
   My bibliography  Save this paper

Software Vulnerability Analysis in Cyber Security: A Network Structure Approach

Author

Listed:
  • Taylor J. Canann

    (Department of Economics, Brigham Young University
    Department of Economics, University of Minnesota)

Abstract

I analyze the effects of network structure, in particular network centrality, on vulnerability disclosure policy. My analysis finds that the structure of the network of households can greatly effect the overall welfare of the economy. Specifically, I find that the distribution of the centrality of the nodes and the radius of the network have a significant effect on the optimal disclosure policy system. I find that the level of activity by the software vendor to find vulnerabilities, alpha, only effects the household decision as a “show of good faith". As long as the software vendor puts a little effort into alpha, then the household is more likely to update and desire to purchase the software. However, at the margin, the centrality effects of the network dominate the effects of the software vendor's attempt to change alpha.

Suggested Citation

  • Taylor J. Canann, 2013. "Software Vulnerability Analysis in Cyber Security: A Network Structure Approach," BYU Macroeconomics and Computational Laboratory Working Paper Series 2013-05, Brigham Young University, Department of Economics, BYU Macroeconomics and Computational Laboratory, revised Apr 2014.
    • Handle: RePEc:byu:byumcl:201305
    as

    Download full text from publisher

    File URL: https://docs.google.com/file/d/0B6KGaihAO5TJWmZXczlYaWNpeFk/edit
    File Function: Second version, 2014
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Ashish Arora & Anand Nandkumar & Rahul Telang, 2006. "Does information security attack frequency increase with vulnerability disclosure? An empirical analysis," Information Systems Frontiers, Springer, vol. 8(5), pages 350-362, December.
    2. Jay Pil Choi & Chaim Fershtman & Neil Gandal, 2010. "Network Security: Vulnerabilities And Disclosure Policy," Journal of Industrial Economics, Wiley Blackwell, vol. 58(4), pages 868-894, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lam, Wing Man Wynne, 2014. "Ex Ante and Ex Post Investments in Cybersecurity," TSE Working Papers 14-519, Toulouse School of Economics (TSE).
    2. Arrah-Marie Jo, 2019. "Software vulnerability disclosure and security investment [L'impact de la divulgation d’une faille de sécurité : au-delà des motivations de l’éditeur de logiciel]," Post-Print hal-03033198, HAL.
    3. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    4. Christopher Sprague & Jeffrey Wagner, 2018. "Economic Motivations for Software Bug Bounties," Economics Bulletin, AccessEcon, vol. 38(1), pages 550-557.
    5. Wing Man Wynne Lam & Jacob Seifert, 2023. "Regulating Data Privacy and Cybersecurity," Journal of Industrial Economics, Wiley Blackwell, vol. 71(1), pages 143-175, March.
    6. Amitava Dutta & Rahul Roy, 2008. "Dynamics of organizational information security," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 349-375, September.
    7. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    8. Lam, Wing Man Wynne, 2016. "Attack-prevention and damage-control investments in cybersecurity," Information Economics and Policy, Elsevier, vol. 37(C), pages 42-51.
    9. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    10. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    11. Terrence August & Duy Dao & Kihoon Kim, 2019. "Market Segmentation and Software Security: Pricing Patching Rights," Management Science, INFORMS, vol. 65(10), pages 4575-4597, October.
    12. Anum Khan & Muhammad Shujaat Mubarik & Navaz Naghavi, 2023. "What matters for financial inclusions? Evidence from emerging economy," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(1), pages 821-838, January.
    13. Josef Åström & Wiebke Reim & Vinit Parida, 2022. "Value creation and value capture for AI business model innovation: a three-phase process framework," Review of Managerial Science, Springer, vol. 16(7), pages 2111-2133, October.
    14. Bienz, Carsten & Juranek, Steffen, 2020. "Software vulnerabilities and bug bounty programs," Discussion Papers 2020/4, Norwegian School of Economics, Department of Business and Management Science.
    15. Terrence August & Tunay I. Tunca, 2011. "Who Should Be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments," Management Science, INFORMS, vol. 57(5), pages 934-959, May.
    16. Qian Tang & Andrew B. Whinston, 2020. "Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment," Production and Operations Management, Production and Operations Management Society, vol. 29(2), pages 410-427, February.
    17. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    18. Chaim FERSHTMAN & Neil GANDAL, 2012. "Migration to the Cloud Ecosystem: Ushering in a New Generation of Platform Competition," Communications & Strategies, IDATE, Com&Strat dept., vol. 1(85), pages 109-123, 1st quart.
    19. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    20. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.

    More about this item

    Keywords

    Vulnerability Analysis; Network Theory; Cyber Security; Disclosure Policy; Information Security; Network Centrality.;
    All these keywords.

    JEL classification:

    • C7 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory
    • L14 - Industrial Organization - - Market Structure, Firm Strategy, and Market Performance - - - Transactional Relationships; Contracts and Reputation
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software
    • O3 - Economic Development, Innovation, Technological Change, and Growth - - Innovation; Research and Development; Technological Change; Intellectual Property Rights

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:byu:byumcl:201305. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Kerk Phillips (email available below). General contact details of provider: https://edirc.repec.org/data/debyuus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.